candidat.pole-emploi.fr XSS vulnerability

2015-10-12T14:43:00
ID OBB:91520
Type openbugbounty
Reporter retr0
Modified 2016-01-30T23:10:00

Description

Vulnerable URL:
https://candidat.pole-emploi.fr/candidat/rechercheoffres/resultats/_$0022--$003e$0020$003c$002fscript$003e$003csvg$002fonload$003d$0027$003balert$0028$002fXSSPOSED$002f$0029$003b$0027$003e_____P_________________________________
Details:

Description| Value
---|---
Patched:| Yes, at 30.01.2016
Latest check for patch:| 30.01.2016 23:10 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
Google Pagerank| 6
VIP website status:| No
Check candidat.pole-emploi.fr SSL connection:| (Grade: B)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability reported| 12 October, 2015 14:43 GMT
Vulnerability existence verified and confirmed| 12 October, 2015 14:46 GMT
Vulnerability patched by the website owner| 30 January, 2016 23:10 GMT